Worst Data Security Breaches of 2012, Part 1.

As we begin our work in 2013 it is appropriate to take a look back at the very eventful year just past. There were some stunning data security breaches in 2013, so much so that it was difficult to narrow a list down to a top 10, even limiting the list to events to the US and American targets.

I’m publishing this list in 2 parts to make sure that I give each breach its due while not exceeding the recommended article size. Each of these breaches is worthy of its own article, and some were in the past year.

If there is any one thing that stands out about this list of shame is the prominence of US government entities at every level, state, local and Federal. This should give us pause as we implement the ObamaCare health initiative, which requires digitization of medical records and places an unprecedented amount of new personal information into government hands.

In reverse order of impact, here we go with part 1 of my list, breaches 10 through 6

10. Symantec Source Code Hack

This breach actually occurred in 2011, but was revealed last January when a hacker release source code for Symantec’s 2006 versions of Norton Utilities, pcAnywhere, and Norton Antivirus. Symantec played down the significance of the leak, saying the code was obsolete, but it would have to be extremely useful to hackers looking for ways to exploit security software. Of course, the fact that Symantec’s specialty is network and computer security systems makes this a particularly prominent and embarrassing breach.

9. Compromise of White House Email System

Employees of the White House Military Office were victims of a “Spear Phishing” attack, traced back to Chinese nationals. Although all reports stress that confidential information was not compromised, the fact that the Military Office is in charge of the President’s schedule and the codes to launch nuclear missiles is so alarming that I am compelled to include this on my list.

The incident also highlights the ongoing efforts of China to obtain confidential economic and national security data through cyber-attacks, the subject of the next item on our list.

8. Chinese Assault on American Think Tanks

In October the Chairman of the House Intelligence Committee, Rep Mike Rogers, revealed that the Chinese government has been engaged in a massive cyber espionage effort. He reported what he characterized as a “furious wave of cyber-attacks” by China against American government and business Think Tanks.

Reported targets include the Heritage Foundation, the Center for Strategic and International Studies and the Center for American Progress. Although they are private non-profit organizations, they all play a prominent role in defining our national security, social and economic policies.

While we can’t say what the impact of anyone of these breaches could be, they collectively make this list as representative of a burgeoning cyber war, what I would call the new Cold War.

7. NASA Halloween Laptop Theft.

Like the White House email compromise, the exposure of 10,000 NASA employee records makes the list for reasons other than the sheer size of the breach.

The fact that data from confidential background checks on thousands of employees could be copied unencrypted to a laptop which is then stolen from an unlocked car is jaw dropping. The ease at which data can walk away should give us all pause.

6. US Navy and Homeland Security Hacked

In June a hacker grouped named Digital Corruption breached databases at the US Navy and Homeland Security using SQL injection attacks. They dumped stolen personal data, including user names and passwords onto sub domains operated by these departments.

On the bright side, the group’s intent was to expose the vulnerability and to embarrass the government, not to use the compromise data for nefarious purposes. That’s a good thing because the Navy hack alone exposed the personal information of over 200,000 Navy employees.

The irony, and truly scary part, is that these are huge government agencies whose mission is to protect American’s security.

A second publication of the same source code by the hacker group “Anonymous” rubbed salt in Symantec’s wounds, if nothing else.

If the above has you feeling insecure, wait till you seem my top 5 tomorrow!

Disclaimer: Blog contents express the viewpoints of their independent authors and
are not reviewed for correctness or accuracy by
Toolbox for IT. Any opinions, comments, solutions or other commentary
expressed by blog authors are not endorsed or recommended by
Toolbox for IT
or any vendor. If you feel a blog entry is inappropriate,
click here to notify
Toolbox for IT.

This blog covers topical issues related to Internet Security, such as the latest malware threats, high profile breaches,cyber ...
more

This blog covers topical issues related to Internet Security, such as the latest malware threats, high profile breaches,cyber crimes, cyber war fare and the latest security technology.
This blog encourages readers to be proactive in securing their computers and devices, not just for their own sake but to avoid being an unwitting participant in the nefarious activities of hackers and cyber warriors.
less

Receive the latest blog posts:

Share Your Perspective

Share your professional knowledge and experience with peers. Start a blog on Toolbox for IT today!